Opened 9 months ago

#32504 new defect

Harden our macOS builds

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, tbb-sign, GeorgKoppen201911
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We ship our .dmg files properly notarized since Tor Browser 9 (see: #30126). The Hardened Runtime allows us, however, to tighten down our application further in general, and with respect to what Mozilla is using in particular (we are currently using their production entitlements file).

This is the parent ticket for different issues that have piled up since #30126 got resolved.

Child Tickets

TicketStatusOwnerSummaryComponent
#32505closedgkTighten our rules in our entitlements file for macOSApplications/Tor Browser
#32506newtbb-teamMove to different entitlements files for parent and child processesApplications/Tor Browser
#32507newtbb-teamMove closer to the way Mozilla is signing macOS bundlesApplications/Tor Browser
#34398newtbb-teamHarden our code signing on macOS for ESR 78Applications/Tor Browser

Change History (0)

Note: See TracTickets for help on using tickets.